Skip to main content
Tag

microsoft patch tuesday updates

|

October Patch Tuesday: Silent But Deadly

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Should Third-Party Really Be your Second Priority?

If you have a patching strategy delivering Microsoft updates on a routine basis, you should extend that capacity to include third-party updates.

Just a couple weeks ago, we discovered a massive compromise in one of the world’s largest business and personal computer utilities, “CCleaner” by Piriform.

Version 5.33.6162 was released with injected malicious code which would expose any system to hackers remotely gaining access to that system. To make matters worse, CCleaner does not come with an automatic update capability so remediating these issues requires a toolset which can remotely deploy or patch third-party software. Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12, with a new, uncompromised version of CCleaner being released the same day.

Robert Brown, Director of Services for Verismic said, “Your patch management strategy must include both the operating system and any software or third-party updates to be reassured of your environment’s safety. Deploying only Windows updates is not closing the holes used by hackers in the current wave of ever increasing sophisticated hacks.

Syxsense includes both Microsoft, Linux and the most popular third-party vendors so you can be reassured everything is covered.”

Source: TechPowerUp

[vc_single_image image=”12852″ img_size=”200×200 px”]

What takes 206 days?

Cyberattacks are an increasingly serious risk for organizations, but many executives believe their organization won’t be targeted. They claim their organization is too small to be on the attackers’ radars or that they have nothing worth stealing.

Many cybercriminals are indiscriminate in their attacks and can always find something of interest. However, companies that believe they’re safe may already be penetrated – they just don’t know it yet.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

A study found that US companies took an average of 206 days to detect a data breach. This is an increase on the previous year (201 days) where a survey showed 20 percent of employees showed a lack of awareness for safe social media posting, choosing risky actions such as posting on their personal social media accounts. Data breaches are contained sooner if they’re detected by a staff member when conducting routine assessments of potential vulnerabilities within their organization.

“This is why it is important to have a proactive stance when it comes to patch management,” said Brown. “How long will it take before you realize you have been compromised?”

Ransomware is the fastest growing security threat, yet most companies are unprepared to deal with it, says a new study. Companies and government agencies are overwhelmed by frequent, severe attacks, according to the 2017 Ransomware Report commissioned by Cybersecurity Insiders and conducted by Crowd Research. That illustrates why ransomware damages are expected to hit $6,000,000,000 this year.

[vc_separator]

October Patch Tuesday Release

Microsoft published its monthly security updates on October 10, 2017, addressing 62 vulnerabilities in Windows, Internet Explorer, Edge, and Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. View details of the complete Security Update Guide here.

We have selected the updates to prioritize this month. Our recommendation has been made using evidence from industry experts, anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11779 Microsoft Windows DNSAPI Arbitrary Code Execution Vulnerability 9.8 Yes
CVE-2017-11786 Microsoft Skype for Business Elevation of Privilege Vulnerability 8.3 Yes
CVE-2017-8717 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-8718 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-11771 Microsoft Windows Search Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-11781 Microsoft Windows Server Message Block Denial of Service Vulnerability 7.5 Yes
CVE-2017-11819 Microsoft Windows Shell Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11782 Microsoft Windows Server Message Block Privilege Escalation Vulnerability 7.4 Yes
CVE-2017-11783 Microsoft Windows Privilege Escalation Vulnerability 7.4 Yes
CVE-2017-11780 Microsoft Windows Server Message Block Arbitrary Code Execution Vulnerability 7.3 Yes
CVE-2017-8689 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-8694 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-11824 Microsoft Windows Graphics Component Privilege Escalation Vulnerability 7 Yes
CVE-2017-8703 Microsoft Windows Subsystem for Linux Denial of Service Vulnerability 6.8 Yes
CVE-2017-11776 Microsoft Windows Universal Outlook Information Disclosure Vulnerability 6.5 Yes
CVE-2017-11815 Microsoft Windows Server Message Block Information Disclosure Vulnerability 6.4
CVE-2017-11784 Microsoft Windows Kernel Information Disclosure Vulnerability 6.1
CVE-2017-11785 Microsoft Windows Kernel Information Disclosure Vulnerability 6.1
CVE-2017-11772 Microsoft Windows Search Service Information Disclosure Vulnerability 5.9
CVE-2017-11816 Microsoft Windows Graphics Device Interface+ Information Disclosure Vulnerability 5.7
CVE-2017-11829 Microsoft Windows Update Delivery Optimization Privilege Escalation Vulnerability 5.5
CVE-2017-11775 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-11777 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-11820 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8693 Microsoft Windows Graphics Information Disclosure Vulnerability 5.3
CVE-2017-8715 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11765 Microsoft Windows Kernel Information Disclosure Vulnerability 5.3
CVE-2017-11814 Microsoft Windows Kernel Information Disclosure Vulnerability 5.3
CVE-2017-11823 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11817 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11818 Microsoft Windows Storage Security Feature Bypass Vulnerability 4.5
CVE-2017-11790 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-11794 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-8726 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8727 Microsoft Windows Shell Memory Corruption Vulnerability 4.2
CVE-2017-11762 Microsoft Windows Graphics Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11763 Microsoft Windows Graphics Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11769 Microsoft Windows TRIE Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11774 Microsoft Outlook Security Feature Bypass Vulnerability 4.2
CVE-2017-11792 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11793 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11796 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11797 Microsoft ChakraCore Memory Corruption Vulnerability 4.2
CVE-2017-11798 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11799 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11800 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11801 Microsoft ChakraCore Memory Corruption Vulnerability 4.2
CVE-2017-11802 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11804 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11805 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11806 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11807 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11808 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11809 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11810 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11811 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11812 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11813 Microsoft Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11821 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11822 Microsoft Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11825 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2017-11826 Microsoft Office Memory Corruption Vulnerability 4.2
[vc_separator][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START FREE SYXSENSE TRIAL[/dt_default_button]
|||

September Patch Tuesday: Escaping the Equi-Hack

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Money Well Spent

Every dollar of fraud to merchants and firms in the retail and financial services sector is estimated to cost $2.66 on average, said a new fraud report.

The LexisNexis Fraud Multiplier estimates the total amount of loss a business incurs, based on chargebacks, fees, interest, merchandise replacement and redistribution.

The study also investigates fraud costs as a percentage of revenues, as reported by survey respondents, to be nearly 2 percent (1.90 percent) across retail, e-commerce, financial services and digital lending businesses. Businesses that sell digital goods and/or conduct transactions primarily through remote channels take an even harder hit to their bottom line at 2.51 percent of revenues.

Robert Brown, Director of Services for Verismic says, “It’s astonishing how much money is being lost because critical systems are not being kept up to date. Updating critical systems is so easy using Syxsense. We recommend starting a trial to see how it can work for you.” Full article can be found here.

As recent as last Wednesday, a U.S. government website was hosting malicious ransomware. It has been wildly speculated that either the site was hacked, or it possibly stores attachments from government officials’ emails and the downloader was archived.

[vc_single_image image=”13032″ img_size=”200×200 px”]

The ransomware had similarities to the Blank Slate spam campaign which earlier this year was spreading Cerber. Emails in that campaign contained only a double-zip archive with the second containing either a malicious JavaScript file or a malicious Microsoft Word document. The emails contain no text, and experts believed then that all of this combined to evade detection.

Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours, the malware link was taken down. It’s unknown whether anyone was infected through the site, full article can be found here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Check your Equifax Credit Report and Score Now

Victims of the massive Equifax breach may have to wait days to find out if they were impacted. Americans who either applied for new jobs, loans, or just wanted to check their credit score via Equifax are having a difficult time getting answers as to whether they are part of the breach of 143 million records that occurred Thursday.

Details of how this breach happened is still very unclear, however with companies suffering the same fate over the past year, the root cause is likely to be via a sophisticated cyberattack exposed using vulnerable software or operating systems.

Robert Brown, Director of Services for Verismic says, “We recommend clients download our ‘5 Biggest Patch Mistakes‘ whitepaper.

Microsoft published its monthly security updates on September 12, 2017. Microsoft addressed 81 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.

Microsoft Updates

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

ID Vulnerability Alert CVSS Score Recommended
CVE-2017-8686 Microsoft Windows DHCP Server Remote Code Execution Vulnerability 9.8 Yes
CVE-2017-8630 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8631 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8632 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8725 Microsoft Office Publisher Arbitrary Code Execution Vulnerability 9.6 Yes
CVE-2017-9417 Microsoft Windows HoloLens Wireless Network Driver Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2017-8567 Microsoft Office Arbitrary Code Execution Vulnerability 8.6 Yes
CVE-2017-8744 Microsoft Office Memory Corruption Vulnerability 8.6 Yes
CVE-2017-8682 Microsoft Windows Graphics Component Remote Code Execution Vulnerability 8.4 Yes
CVE-2017-8742 Microsoft PowerPoint Arbitrary Code Execution Vulnerability 8.3 Yes
CVE-2017-8743 Microsoft PowerPoint Arbitrary Code Execution Vulnerability 8.3 Yes
CVE-2017-0161 Microsoft Windows NetBIOS Packet Processing Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-8628 Microsoft Windows Bluetooth Driver Spoofing Vulnerability 8.1 Yes
CVE-2017-8714 Microsoft Windows Remote Desktop Virtual Host Arbitrary Code Execution Vulnerability 7.8 Yes
CVE-2017-8720 Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability 7.8 Yes
CVE-2017-8759 Microsoft .NET Framework Arbitrary Code Execution Vulnerability 7.8 Yes
CVE-2017-8695 Microsoft Windows Uniscribe Component Information Disclosure Vulnerability 7.5 Yes
CVE-2017-8696 Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability 7.5 Yes
CVE-2017-8702 Microsoft Windows Privilege Escalation Vulnerability 7.5 Yes
CVE-2017-8747 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8749 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8750 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8706 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8707 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8711 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8712 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8713 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8675 Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-8699 Microsoft Windows Shell Command Arbitrary Code Execution Vulnerability 6.4
CVE-2017-8758 Microsoft Exchange Cross-Site Scripting Vulnerability 6.1
CVE-2017-8677 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8678 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8679 Microsoft Windows Kernel Information Disclosure Vulnerability 5.5
CVE-2017-8680 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8681 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8683 Microsoft Windows Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8684 Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8685 Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8687 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8688 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 5.5
CVE-2017-8629 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8745 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8704 Microsoft Windows Hyper-V Denial of Service Vulnerability 5.3
CVE-2017-8746 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11761 Microsoft Exchange Information Disclosure Vulnerability 5.3
CVE-2017-8692 Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability 5
CVE-2017-8716 Microsoft Windows Security Feature Bypass Vulnerability 4.9
CVE-2017-8708 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8709 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8719 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8710 Microsoft Windows Kernel Information Disclosure Vulnerability 4.4
CVE-2017-8597 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.3
CVE-2017-8643 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-8648 Microsoft Edge Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-8723 Microsoft Edge Security Bypass Vulnerability 4.3
CVE-2017-8724 Microsoft Edge Spoofing Vulnerability 4.3
CVE-2017-8733 Microsoft Internet Explorer Spoofing Vulnerability 4.3
CVE-2017-8735 Microsoft Edge Spoofing Vulnerability 4.3
CVE-2017-8736 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-8739 Microsoft Edge Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-8649 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8660 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8728 Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability 4.2
CVE-2017-8729 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8731 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8734 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8737 Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability 4.2
CVE-2017-8738 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8740 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8741 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8748 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8751 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8752 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8753 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8754 Microsoft Edge Security Bypass Vulnerability 4.2
CVE-2017-8755 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8756 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8757 Microsoft Edge Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11764 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11766 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8676 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 3.3
[vc_separator]

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]